Home automation security

Of course Loxone offers the possibility to connect the miniserver to the internet, and also an app for mobile devices to connect to your smart home via the internet. The problem is that the connection is not as smart as expected. heise.de had a short and a long story about that.

So the first step is not to connect the system to the internet at all. The second step is to have a separate network for the home automation with very restricted access in both directions. Of course I want to use something like NTP to make sure the time is always correct. But what I do not want is that the system is accessible from the outside.

Another reason to restrict the internet access for the miniserver is that after Loxone provides a software update and the miniserver becomes “aware” of it, it’ll start complaining that the software should be updated. This is acceptable for the people who run the installation, but the normal user should not be bothered with that kind of information.
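The isolation described above (NTP out, nothing in from the outside), written as an nftables ruleset for a Linux router that sits between the segments. This is an added example, not the author's configuration; the interface names, the addresses, the table name and the miniserver web port 80 are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post. Prints an nftables ruleset
# that isolates the home-automation segment on a Linux router.
# Every name, address and port passed in or written below is an assumption.
ha_ruleset() {
    ha_if=$1      # interface of the home-automation segment
    lan_if=$2     # interface of the trusted LAN
    wan_if=$3     # uplink to the internet
    mini_ip=$4    # IPv4 address of the miniserver
    ntp_ip=$5     # the single NTP server the miniserver may reach
    cat <<EOF
table inet ha_isolation {
    chain forward {
        # policy accept: traffic unrelated to the segment is left to the
        # router's other chains; the segment itself is closed explicitly.
        type filter hook forward priority 0; policy accept;
        # replies to flows that were permitted by the rules below
        ct state established,related accept
        # miniserver may query exactly one NTP server
        iifname "$ha_if" oifname "$wan_if" ip saddr $mini_ip ip daddr $ntp_ip udp dport 123 accept
        # LAN clients may open the miniserver web interface (assumed port 80)
        iifname "$lan_if" oifname "$ha_if" ip daddr $mini_ip tcp dport 80 accept
        # anything else leaving or entering the segment (IPv4 and IPv6)
        iifname "$ha_if" counter log prefix "ha-out-drop " drop
        oifname "$ha_if" counter log prefix "ha-in-drop " drop
    }
}
EOF
}

# Stand-alone use: sh ha_fw.sh eth2 eth1 eth0 10.0.50.10 192.0.2.123
if [ "$#" -eq 5 ]; then ha_ruleset "$@"; fi
```

The output can be syntax-checked with `nft -c -f -` before it is loaded; the two counters then show whether the miniserver keeps trying to reach anything other than the NTP server, such as an update check.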

cancombase

With the help of Jonas as reviewer I’m one step closer to the solution that was missing in Switch selection. The first version of cancombase is finished.

The 5×10 cm pcb fits behind the switches in a double plug socket. The 4 pairs in the CAT cable will be used in the following way:

  1. Connect switch 1 to the miniserver and the backup system (a post will follow)
  2. Power supply 24V (the selected switches need the 24V and I have decided – since I don’t know better – that a buck is easier than a boost)
  3. + 4. CAN (Since CAN bus does not allow a star topology it’ll be a long bus with a baud rate of around 100kBaud. Of course this has to be checked after installation. Wikipedia indicates that 125 kbit/s allow up to 500 meters of cable. A rough calculation )

A description of the PCB is available here. It’s based on the arduino pro mini. Or an available clone of it.

The gap between the CAN bus introduced here and the Loxone miniserver will be filled (most probably) with a raspberry pi that converts the CAN messages to UDP messages the miniserver is able to read.

Apart from reading switch states (maybe with double-click detection) and writing to feedback LEDs the next version of cancombase will also contain a temperature sensor.

Switch selection

As mentioned before, I want a switch setup that is the same in every room. Of course I considered Loxone touch connected to the miniserver by Loxone tree. But I did not like it for two reasons:

  1. The design is different from the design of the plugs and other elements. I don’t like the idea of having different looking electrical components.
  2. There is no possibility for a backup solution that allows to control light independent of the miniserver.

So I’ve chosen Taster 10 AX 250 V ~ (531 U) (I’ll call it “1” from now on) and Tastsensor-Modul 24 V AC/DC, 20 mA (A 5236 TSM) (I’ll call it “6” from now on, and the switch in the upper left will be called 6_1, the upper right 6_2 and so on …) from the company Jung.

The idea is to control the main light of each room with 1. 6_1 (up) and 6_2 (down) will be used for the roller blinds. The four remaining switches can be used differently in all rooms dependent on the needs.

But, and there’s always a but, a CAT cable only contains 8 wires. Even though it’d be enough for 7 push buttons there is no wire left for the 6 red feedback LEDs and the RGB LED. Connecting all that would require 3 CAT cables.

1 for 1
6 for 6_1 to 6_6
2 for Vcc and Ground
6 for red feedback LEDs
3 for RGB LED
----------
18 lines for each switch -> 3 CAT cables à 8 lines

That’s a price and effort I’m not willing to pay. It’d also mean that the miniserver has to provide 16 in/outputs for each room. This is what would make it really expensive. So I’ve decided to spend more of my time and come up with a solution that allows to connect my switch setup to the miniserver and to the backup circuitry at the same time while requiring only 1 CAT cable per switch.

Yes, that’s a cliffhanger.

Cables cables cables

The starting point of home automation is the signal and power cables routed to the switch cabinet in the basement. The additional cost and effort lie in the signal cables, which would not be required in a traditional setup. The additional effort for the power lines can be neglected, since the additional length from each room to the basement is compensated by less cable in the rooms, for example from a switch for the roller blinds to the motor of the roller blind.

On the left you can see the power cables that go to the lights, plugs and roller blinds.

The red cables are the connections to the smoke detectors. Each room that is either a potential sleeping room or that is part of the escape path has a smoke detector (required by law). In addition to the mandatory requirements, they are connected on floor level and the floors are connected in the switch cabinet. In addition there is a connection between the three parts of the house. Currently they are all hard wired together. This might change in the future to suppress the forwarding of alarms for some time. E.g. when testing smoke detectors in one part of the house it’s not desired to trigger all other smoke detectors.

As you can see there is still much space left in the switch cabinet, and that can’t be filled up only by simple fuses.

Nowadays, on floors that are partially constructed with wood, you have to install special fuses with spark detection. Those are 3 times the size of the traditional ones.

There will be the fault current protection switches that are nowadays mandatory for all three phases and not only for the bathroom.

There is my backup circuitry, that makes sure that, even without the home automation system, in each room the light can be switched and the roller blinds can be moved.

There will be a power supply for the backup system as well as for the home automation system.

And last but not least there will be the home automation system itself.

Logging data

Since the miniserver has only an SD card as internal storage and it’s prone to wear, I’m thinking about logging data outside the miniserver. Loxone offers so-called loggers. One possibility is to set the storage location to a syslog target outside the miniserver, so now the data is in /var/log/syslog of alix.

What I need next is a possibility to store the data over a long time and a possibility to display it.

Possibilities I see:

  1. Do everything on my own
  2. influx/grafana
  3. logstash/kibana

Since #1 means work and maintenance and #2 & #3 mean quite a big installation on a small system I’m very open to suggestions of something in between.

Home Automation

When building a house, of course the question comes up whether, and immediately after that how much, home automation should be implemented. The first step after deciding that I want home automation was the selection of a system. I decided to use Loxone. There are reasons:

  1. One of my friends already has some experience with the system
  2. The system is centralized, so in case it has to be replaced it can be done in that central place and no hardware updates are required in the living room. The centralized solution also allows to set up a backup system that provides basic functionality like switching of light and opening/closing of roller blinds.
  3. The company delivers the configuration software with the hardware without additional costs and conditions. If I want to update anything in the future I can do that. If I want to stick with an old version of their software I can stick with that.

The home automation has the goal to be invisible for the user and offer all the functionality that you’re used to in a “normal” home as a base. If you enter a room there shall be a switch that will turn on the light if pressed. Only if you want to you can dim the light by holding the switch or by double clicking.

Also the basic setup should look the same in all the rooms. So I’ve decided for a combination of a normal sized light switch and a 6 pin switch below it.

Details will follow.

The mechanical part of the house already exists:

tttool

My son got a tiptoi. I was interested in how it works, and a little bit of googling led me to this page. It provides a tool to create your own pages, books, adventures or puzzles. I gave it a try and this is the result.

[Image: a hand. Caption: result of 1st try with tttool]

It does not look pretty and I could not print it in color, but the b/w version works. You can see the dotty area on each finger and on the i/o and play button. They contain the code that is read by the tiptoi pen. The example has two modes. Mode one will just say the name of the finger when you touch it. Mode two can be activated by touching the play button on the lower right. If you touch the fingers in order starting with the thumb it’ll tell the German poem “Das ist der Daumen …” or complain if the order is not correct.

Find here the code:

product-id: 42
comment: das_ist_der_daumen
init: $spiel:=0
welcome: hallo
language: de
scripts:
 dau:
 - $spiel == 0? P(daumen)
 - $spiel == 1? $pos == 0? P(vdaumen) $pos := 1
 - $spiel == 1? $pos != 0? P(vnochmal,vanderer,vsicher,vhmmm)
 zei:
 - $spiel == 0? P(zeige)
 - $spiel == 1? $pos == 1? P(vzeige) $pos := 2
 - $spiel == 1? $pos != 1? P(vnochmal,vanderer,vsicher,vhmmm)
 mit:
 - $spiel == 0? P(mittel)
 - $spiel == 1? $pos == 2? P(vmittel) $pos := 3
 - $spiel == 1? $pos != 2? P(vnochmal,vanderer,vsicher,vhmmm)
 ring:
 - $spiel == 0? P(ring)
 - $spiel == 1? $pos == 3? P(vring) $pos := 4
 - $spiel == 1? $pos != 3? P(vnochmal,vanderer,vsicher,vhmmm)
 kle:
 - $spiel == 0? P(klein)
 - $spiel == 1? $pos == 4? P(vklein) $pos := 0
 - $spiel == 1? $pos != 4? P(vnochmal,vanderer,vsicher,vhmmm)
 spiel:
 - $spiel == 0? P(spiel_start) $spiel:=1 $pos := 0
 - $spiel == 1? P(spiel_end) $spiel:=0 $pos := 0
speak:
 hallo: "Hallo!"
 daumen: "Daumen" 
 zeige: "Zeigefinger" 
 mittel: "Mittelfinger" 
 ring: "Ringfinger" 
 klein: "kleiner Finger" 
 spiel_start: "Das Spiel wird jetzt gestartet. Beginne mit dem Daumen!"
 spiel_end: "Das Spiel wird jetzt beendet"
 vdaumen: "Das ist der Daumen!" 
 vzeige: "Der schüttelt die Pflaumen!" 
 vmittel: "der liest sie auf!" 
 vring: "der trägt sie nach Haus!" 
 vklein: "und der isst sie alle alle auf!" 
 vnochmal: "Versuchs nochmal!"
 vanderer: "Versuch einen anderen Finger!"
 vsicher: "Sicher?"
 vhmmm: "Hmmmm!"

Watchdog for the raspberry pi

As mentioned by Alex the link was down. Two things happened:

  1. The raspberry pi was not running anymore.
  2. The Internet connection was down.

For the second problem I don’t have a solution yet. For the not running raspberry pi there might be one:

The internal watchdog of the raspberry pi. It can be activated by loading the module, making sure it gets reloaded after a restart and installing the triggering software.

$ sudo modprobe bcm2708_wdog
$ echo "bcm2708_wdog" | sudo tee -a /etc/modules
$ sudo apt-get install watchdog

Configuration happens in the file

/etc/watchdog.conf

by uncommenting the following lines:

watchdog-device        = /dev/watchdog
max-load-1             = 24

This is a very basic configuration and it will restart the raspberry pi if the 1-minute load average rises above 24.

Activation of the daemon can be done like this:

$ sudo service watchdog start

Specific to my case is the additional option to check whether the file that was not working, as mentioned above, is written to on a regular basis. This can be achieved by adding the following lines to the configuration:

file = /data/solar/solar.touch.start
change = 300
file = /data/solar/solar.touch.end
change = 600

Each “file” entry specifies a file that the watchdog checks for having been touched, and the “change” entry specifies the time in seconds that the file may stay untouched before the watchdog is no longer triggered, which leads to a system reset. The first file is touched at the start of the script, the second one at the end. So if the script for updating the yield data is not called any more, the system will be reset after 5 minutes. If the script is started but does not finish properly, it’ll be reset after 10 minutes.
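A dry-run of these “file”/“change” checks, useful for confirming that the touch files really are updated in time before the daemon is allowed to reset the machine. This is an added example, not part of the original post; the function name stale_files is hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not part of the original post. Dry-run of the watchdog's
# "file"/"change" checks so they can be verified before the daemon may reboot.
# Assumes GNU stat; stale_files is a hypothetical name.

# stale_files CONF [NOW]
# Prints one line per monitored file that is missing or has not been modified
# within its "change" limit. Returns 1 if any such file is found, else 0.
stale_files() {
    conf=$1
    now=${2:-$(date +%s)}
    file=""
    rc=0
    while IFS= read -r line; do
        line=${line%%#*}                                   # drop comments
        key=$(printf '%s\n' "$line" | cut -d= -f1 | tr -d '[:space:]')
        val=$(printf '%s\n' "$line" | cut -s -d= -f2- |
              sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $key in
            file) file=$val ;;
            change)
                # "change" applies to the most recently declared "file"
                case $val in ''|*[!0-9]*) continue ;; esac
                [ -n "$file" ] || continue
                if [ ! -e "$file" ]; then
                    echo "MISSING $file"; rc=1
                else
                    age=$((now - $(stat -c %Y "$file")))
                    if [ "$age" -gt "$val" ]; then
                        echo "STALE $file age=${age}s limit=${val}s"; rc=1
                    fi
                fi
                file="" ;;
        esac
    done < "$conf"
    return "$rc"
}

# Stand-alone use: sh check.sh /etc/watchdog.conf
if [ "$#" -gt 0 ]; then stale_files "$@"; fi
```

Running it from cron for a day with the watchdog service still stopped shows whether the 300 and 600 second limits leave enough margin for the script's normal run time.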

Time will tell how reliable the watchdog is.

PVI logging

After a long break I’ve started logging the PVIs in my father’s house again. The main reason for reactivating the scripts was that the two PVIs have shown different yield numbers at the end of the day. Further investigation has shown that the internal clock of one of the PVIs was wrong, so at around noon the yield counter was reset, which of course led to different results. Anyway the graphs are online now. Currently the graphs are generated using google charts. Hints for an alternative are welcome.